Building Ireland’s cyber resilience

Senator Craughwell leads the charge to a secure digital future

Ireland’s digital progress has been extraordinary. From online banking and healthcare systems to remote learning and connected infrastructure, the nation has embraced digitalisation across every sector. However, this transformation has come at a cost. As our digital footprint expands, so too does our exposure to cyber threats.

Cybersecurity is no longer just a technical issue. It is a public concern and a national responsibility. We often picture cyberattacks as distant or unlikely events, something that happens to big tech companies or foreign governments. Attacks in recent years have shown that Ireland is not immune. Irish institutions – such as the HSE in 2021 – have faced serious disruptions, but so too have countless smaller businesses. Many incidents never make headlines but the reality is that companies’ systems, data, personal privacy, financial assets, and systems managed by IT and OT (operational technology) are under continuous threat.

What makes these attacks so dangerous is not just their sophistication. It’s how easily they succeed. In most cases, breaches begin with one thing: human error. It can be as simple as an employee opening a fraudulent email, a manager misunderstanding a digital risk, or a staff member who is unaware that their actions have consequences far beyond their screen.

Awareness is the missing link

Awareness is the critical missing link in our national defence. Most successful cyberattacks don’t rely on elite hacking tools; they rely on people not being prepared. Attackers exploit gaps in understanding – gaps that exist in homes, schools, businesses and public services. Awareness needs to be treated as a core component of Ireland’s cybersecurity response. Without it, no software or firewall can offer enough protection.

Ireland’s small and medium-sized enterprises (SMEs) are particularly vulnerable. They make up most of the country’s enterprises and employ the majority of our workforce. Yet, many of these organisations do not have dedicated cybersecurity teams or robust training in place. The same applies to charities, community organisations, and voluntary services – sectors that handle sensitive data and are crucial to local life but often lack the resources or know-how to defend against threats.

The risk is real. The consequences are national. Partnered with CJHNetwork, Data Edge have participated in conducting cyber reviews across Ireland. We found that a number of SMEs within critical supply chains have already been targeted by cyberattacks. These organisations support navigation, satellite communication, and other essential infrastructure which are of strategic importance. This highlights the growing vulnerabilities in sectors vital to public safety and national services.

Building national cyber resilience

Cyber risk is not theoretical. It is here, it is growing, and it is reaching into the heart of our critical infrastructure. So, what must Ireland do? How do we build resilience before the next wave of attacks hits us harder? We need a coordinated national effort – one that combines public awareness, skilled training, and long-term investment.

It should also ensure consistent funding and empower policy makers to deliver widespread public engagement. This includes strengthening support for SMEs and community organisations, expanding cybersecurity training and awareness across all levels of society, and building a skilled and diverse workforce through education, outreach, and accelerated recruitment. Ireland must also invest in the infrastructure, tools, and partnerships that will enable long-term resilience and readiness.

Our active involvement as part of a national cybersecurity consortium includes participation in discussions at Leinster House and ongoing collaboration with policymakers, and we recognise that collective insights and local experience are key to shaping Ireland’s cybersecurity landscape. Currently, a position paper is being drafted by the consortium under the guidance of Senator Gerard Craughwell, and it is expected to be reviewed by policymakers in Leinster House, including representatives from Defence and other key sectors.

To protect Ireland’s most critical sectors and ensure national resilience, a robust and decentralised training ecosystem is essential – one capable of scaling rapidly and delivering specialised cyber skills aligned with both emerging threats and regulatory expectations.Key training institutes across Ireland should be identified and developed as regional hubs for cybersecurity training, awareness, and workforce development. These centres would help to standardise and scale practical learning across sectors and regions. The National Cyber Security Centre (NCSC) could play a central role in coordinating this effort and ensuring national alignment.

Cybersecurity must become a cultural expectation – not a technical afterthought. We, as a country, have done this before with road safety, public health, and data protection. Cybersecurity can become just as natural if the right foundation is laid.

Leveraging learning from lived experience

ENISA, the European Union Agency for Cybersecurity, published its inaugural NIS360 report (March 2025), which ranked sectors such as health, maritime, public administration, space, and ICT services as being in the “risk zone” – indicating that these sectors remain critically underprepared relative to their importance to public life. Around the same time, the EU’s updated Cybersecurity Blueprint (adopted June 2025) introduced a unified framework for crisis management – defining five clear stages from detection to recovery, emphasising coordinated escalation, shared terminology, and joint drills.

In parallel, the NCSC recently launched the CyFun (Cyber Fundamentals) programme, a welcome initiative aimed at building foundational skills and improving organisational readiness. Together, these developments underscore the need for Ireland to move from a fragmented, reactive posture toward a coherent national strategy – one that aligns with EU-level preparedness and crisis-response standards.

Estonia offers a powerful example. After suffering a nationwide cyberattack in 2007, the country transformed its approach. Today, cyber literacy is embedded into school curriculums, citizens receive regular guidance, and national simulations prepare both government and society for digital threats. Estonia has its own Cyber Ambassador, advocating and influencing for change. It runs education programmes for citizens aged 6 to 96 and regularly competes in EU-wide cyber challenges. Estonia’s model proves that with strong political will and inclusive education, cybersecurity can become part of the national mindset – starting not with fear, but with empowerment.

Cybersecurity is everyone’s responsibility. From rural micro enterprises and urban colleges to the family home and national defence networks, the digital age has connected us all. With that connection comes a shared duty. We at Data Edge, together with our consortium partners, are committed to supporting SMEs through knowledge-sharing and better security solutions, while doing our part in the broader effort to strengthen Ireland’s cyber resilience. In collaboration with our partners, we plan to roll out a quarterly ‘National Cyber Review’ webinar which will highlight the latest regulations and funding available for SMEs, and will summarise the major industry analysis reports, including briefings on the latest cybercrime incidents and methods. The threats may be complex, but the first step is simple. We must pay attention.

By Paul Phelan, CEO, Data Edge

See more stories here.